CategoryShell script

Bug in Bash shell allow attackers to execute code on Linux, Unix and Mac OSX

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks.

The bug, discovered by Stephane Schazelas, is related to how Bash processes environmental variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network–based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.

Because of its wide distribution, the vulnerability could be  critical, though it may not be nearly as dangerous. The vulnerability affects versions 1.14 through 4.3 of GNU Bash. Patches have been issued by many of the major Linux distribution vendors for affected versions, including:

  • Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
  • CentOS (versions 5 through 7)
  • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
  • Debian

A test on Mac OS X 10.9.4 (“Mavericks”) by Ars showed that it also has a vulnerable version of Bash. Apple has not yet patched Bash, though it just issued an update to “command line tools.”

While Bash is often thought of just as a local shell, it is also frequently used by Apache servers to execute CGI scripts for dynamic content (through mod_cgi and mod_cgid). A crafted web request targeting a vulnerable CGI application could launch code on the server. Similar attacks are possible via OpenSSH, which could allow even restricted secure shell sessions to bypass controls and execute code on the server. And a malicious DHCP server set up on a network or running as part of an “evil” wireless access point could execute code on some Linux systems using the Dynamic Host Configuration Protocol client (dhclient) when they connect.

There are other services that run on Linux and Unix systems, such as the CUPS printing system, that are similarly dependent on Bash that could be vulnerable.

There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

bash_vul

 

 

 

 

 

 

An unaffected (or patched) system will output:

 bash: warning: x: ignoring function definition attempt
 bash: error importing function definition for `x'
 this is a test

The fix is an update to a patched version of the Bash shell. To be safe, administrators should do a blanket update of their versions of Bash in any case.

 

Root Cause of this issue:

  • A flaw was found in the bash functionality that evaluates specially formatted environment variables passed to it from another environment.
    An attacker could use this feature to override or bypass restrictions to the environment to execute shell commands before restrictions have been applied. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
  • For more information about this vulnerability, refer to the following article:
    Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)

 

Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271) (Source Redhat)

In order to avoid exploitation from CVE-2014-6271, ensure that your system is updated to at least the following versions of Bash.

RHSA-2014:1293

  • Red Hat Enterprise Linux 7 – bash-4.2.45-5.el7_0.2
  • Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1
  • Red Hat Enterprise Linux 5 – bash-3.2-33.el5.1

RHSA-2014:1294

  • Red Hat Enterprise Linux 4 Extended Lifecycle Support – bash-3.0-27.el4.2
  • Red Hat Enterprise Linux 5.6 Long Life – bash-3.2-24.el5_6.1
  • Red Hat Enterprise Linux 5.9 Extended Update Support – bash-3.2-32.el5_9.2
  • Red Hat Enterprise Linux 6.2 Advanced Update Support – bash-4.1.2-9.el6_2.1
  • Red Hat Enterprise Linux 6.4 Extended Update Support – bash-4.1.2-15.el6_4.1

RHSA-2014:1295

  • SJIS for Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1.sjis.1
  • SJIS for Red Hat Enterprise Linux 5 – bash-3.2-33.el5_11.1.sjis.1
  • In order to update to the most recent version of the Bash package run the following command:
# yum update bash
  • Specify the package name in order to update to a particular version of Bash. For example, to update a Red Hat Enterprise Linux 6.5 system run:
# yum update bash-4.1.2-15.el6_5.1
  • The only way to fix it is to install updated Bash packages.
  • The safest & simplest thing to do is to perform a system reboot.
  • Carry out the following operation if system cannot be reboot.
/sbin/ldconfig

Read more information on this @ redhat

if…else…fi

If given condition is true then command1 is executed otherwise command2 is executed.
Syntax:

           if condition
           then
                       condition is zero (true - 0)
                       execute all commands up to else statement

           else
                       if condition is not true then
                       execute all commands up to fi
           fi

example of nested if else
osch=0
echo "1. Unix (Sun Os)"
echo "2. Linux (Red Hat)"
echo -n "Select your os choice [1 or 2]? "
read osch

if [ $osch -eq 1 ] ; then

     echo "You Pick up Unix (Sun Os)"

else #### nested if i.e. if within if ######
            
       if [ $osch -eq 2 ] ; then
             echo "You Pick up Linux (Red Hat)"
       else
             echo "What you don't like Unix/Linux OS."
       fi
fi

if condition

if condition which is used for decision making in shell script, If given condition is true then command1 is executed.
Syntax:

 if condition 
 then 
 command1 if condition is true or if exit status of condition is 0 (zero) 
 ... 
 ... 
 fi


Pipes

A pipe is a way to connect the output of one program to the input of another program without any temporary file.

Syntax:
command1 | command2

eg: who | wc -l  

Output of who command is given as input to wc command So that it will number of user who logon to system

Pipe - Redirecting output of 1st command to 2nd without creating temporary file

Command line arguements

eg:

$ myshell foo bar

 Shell Script name i.e. myshell
 First command line argument passed to myshell i.e. foo
 Second command line argument passed to myshell i.e. bar

In shell if we wish to refer this command line argument we refer above as follows

 myshell it is $0
 foo it is $1
 bar it is $2

Here $# (built in shell variable ) will be 2 (Since foo and bar only two Arguments), Please note at a time such 9 arguments can be used from $1..$9, You can also refer all of them by using $* (which expand to `$1,$2…$9`). Note that $1..$9 i.e command line arguments to shell script is know as “positional parameters“.


Wildcards

Wildcard types:

1. *  – Matches any string or group of characters.

2. ?  – Matches any single character.

3. […]  – Matches any one of the enclosed characters

Note: 

[..-..] A pair of characters separated by a minus sign denotes a range.

The read statement

Use to get input (data from user) from keyboard and store (data) to variable.
Syntax: 
read variable1, variable2,…variableN

 

eg:

#!/bin/sh

echo “Enter your name please”

read fname

echo “Welcome $fname”

Exit status

By default in Linux if particular command/shell script is executed, it return two type of values which is used to see whether command or shell script executed is successful or not.

(1) If return value is zero (0), command is successful.
(2) If return value is nonzero, command is not successful or some sort of error executing command/shell script.

This value is know as Exit Status.

exit status can be found out by issuing $ echo $?

if the output is 0, the previously executed command is successful if it’s a non zero value means the last command run is unsuccessful.

 

Quotes in scripts

Mainly three types of quotes are used.

1. ” – Double quotes: Anything enclose in double quotes removed meaning of that characters (except and $).

2. ‘ – Single quotes: Enclosed in single quotes remains unchanged.

3. ` – Back quotes: To execute command

 

 

Shell Arithmetic

used to perform arithmetic operations in shell scripts.

Synatax: $ expr  op1 operator  op2

eg:

$ expr 1 + 3
$ expr 2 – 1
$ expr 10 / 2
$ expr 20 % 3
$ expr 10 * 3
$ echo `expr 6 + 3`

in the last one we used back quote (` the one below the tilde symbol in standard keyboards).

if we use the back quote the last eg’s output may differ.

© 2017 My techbook

Theme by Anders NorénUp ↑